Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
44
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
140
Getting Started in Bug Bounty
jr0ch17
0
120
Getting Blindly Lucky
jr0ch17
0
78
Qu'est-ce que le bug bounty?
jr0ch17
0
120
Finding 5 bugs in a single parameter
jr0ch17
0
84
Beyond the Borders of Scope
jr0ch17
0
70
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
Function calling機能をPLaMo2に実装するには / PFN LLMセミナー
pfn
PRO
0
820
「技術負債にならない・間違えない」 権限管理の設計と実装
naro143
35
10k
関係性が駆動するアジャイル──GPTに人格を与えたら、対話を通してふりかえりを 習慣化できた話
mhlyc
0
130
AWSにおけるTrend Vision Oneの効果について
shimak
0
110
OpenAI gpt-oss ファインチューニング入門
kmotohas
2
850
動画データのポテンシャルを引き出す! Databricks と AI活用への奮闘記(現在進行形)
databricksjapan
0
130
PLaMoの事後学習を支える技術 / PFN LLMセミナー
pfn
PRO
9
3.7k
神回のメカニズムと再現方法/Mechanisms and Playbook for Kamikai scrumat2025
moriyuya
4
300
extension 現場で使えるXcodeショートカット一覧
ktombow
0
190
From Prompt to Product @ How to Web 2025, Bucharest, Romania
janwerner
0
110
Pythonによる契約プログラミング入門 / PyCon JP 2025
7pairs
5
2.4k
ユニットテストに対する考え方の変遷 / Everyone should watch his live coding
mdstoy
0
110
Featured
See All Featured
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.6k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
Building an army of robots
kneath
306
46k
Reflections from 52 weeks, 52 projects
jeffersonlam
352
21k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
188
55k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
840
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.2k
Rebuilding a faster, lazier Slack
samanthasiow
84
9.2k
Code Reviewing Like a Champion
maltzj
525
40k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
GitHub's CSS Performance
jonrohan
1032
460k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
pfn
naro143
mhlyc
shimak
kmotohas
databricksjapan
moriyuya
ktombow
janwerner
7pairs
mdstoy
garrettdimon
kastner
kneath
jeffersonlam
addyosmani
soudai
tammyeverts
rmw
samanthasiow
maltzj
jonrohan
